North Korean hackers are in all probability working with Russian-speaking cybercriminals on ransomware and different malicious software program, researchers mentioned Wednesday.
Security agency Intel 471 mentioned in a report it discovered hyperlinks between North Korean hacker group Lazarus, recognized for assaults on banks worldwide, and a Russian-operated malware operation known as TrickBot.
TrickBot is described within the report as a “malware-as-a-service offering, run by Russian-speaking cybercriminals, that is not openly advertised on any open or invite-only cybercriminal forum or marketplace.”
It works with “top-tier cybercriminals with a proven reputation,” the report mentioned.
The Intel 471 report mentioned different safety researchers have pointed to potential hyperlinks between the teams, however that its investigation discovered extra proof, together with indicators that malware developed in North Korea was provided on the market on Russian marketplaces.
“Our conclusion is that we deem it likely that threat actors running or having access to TrickBot infections are in contact with DPRK (North Korean) threat actors,” the report mentioned.
“DPRK threat actors likely are active in the cybercriminal underground and maintain trusted relationships with top-tier Russian-speaking cybercriminals.”
It added that “malware believed to be only used and probably written by DPRK threat actors was very likely delivered via network accesses held by Russian-speaking cybercriminals.”
(This story has not been edited by NDTV workers and is auto-generated from a syndicated feed.)